AVARCIBER: a framework for assessing cybersecurity risks




Angel Marcelo Rea-Guaman¹ · Jezreel Mejía² · Tomas San Feliu¹ · Jose A. Calvo-Manzano¹

Received: 24 September 2019 / Revised: 1 November 2019 / Accepted: 19 December 2019
© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

The identification and assessment of risks are a fundamental part of cybersecurity. Determining the elements that participate in this field is difficult because there is no exclusive approach to cybersecurity. This document aims to provide a framework to identify and assess cybersecurity risks. For this, a systematic review of the studies related to cybersecurity risk taxonomies was carried out. The main elements of the proposed conceptual model and framework have been determined by applying the snowball technique. To validate the implementation of the proposed framework, a case study has been implemented at the Ecuadorian Social Security Institute. The first task was to consolidate the information in a baseline. Once the baseline was obtained, the defined framework has been applied. As a result, through the use of the proposed framework, the assessment process has improved the decision-making process regarding the importance and criticality of the risks and countermeasures that must be applied.

Keywords Cybersecurity framework · Cybersecurity vulnerabilities · Cybersecurity threats

1 Introduction

Cybersecurity is a widely used term that deals with the security of information systems and data, but it has many different definitions. According to the ESET security community [1], cybersecurity is defined as "protection of information assets, through the treatment of threats that put at risk the information that is processed, stored and transported by the interconnected information systems". Therefore, it is a discipline that involves technology, people, information, and processes to allow risk-free operations.

Corresponding author: Jezreel Mejía ([email protected])
Angel Marcelo Rea-Guaman ([email protected])
Tomas San Feliu ([email protected])
Jose A. Calvo-Manzano ([email protected])

¹ School of Computer Engineering, Universidad Politécnica de Madrid, Madrid, Spain
² Centro de Investigación en Matemáticas A.C., Zacatecas, Mexico

In this context, interest in cybersecurity issues is increasing [2–4]. Almost every week, or even every day, there are reports of a cybersecurity breach or a similar incident. The most common incidents are: compromised personal information, stolen credit cards, lost medical records, unauthorized access to and theft of business information, and attacks on critical systems, among others. In recent years, these incidents have been reported in press headlines, and the impact of intrusions on information systems is described in detail, for example [5]:

• In September 2018, British Airways (BA): 380,000 affected customers. On its website, BA said that the stolen data included personal and financial details of customers who make